Lucene search
K

6 matches found

vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.12 views

ai.h2o:sparkling-water-api-generation_2.11 (>=3.34.0.3-1-2.2 <=3.46.0.1-1-2.4), ai.h2o:sparkling-water-api-generation_2.12 (>=3.34.0.3-1-3.0 <=3.46.0.1-1-3.5) +9 more potentially affected by CVE-2024-10572 via ai.h2o:h2o-ext-xgboost (>=3.34.0.1 <=3.46.0.1)

ai.h2o:h2o-ext-xgboost MAVEN version =3.34.0.1, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.1-1-2.2, =3.34.0.1-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =2.0.0, =2.1.1 Source cves: CVE-2024-10572 Source advisory:...

7.5CVSS7.1AI score0.00636EPSS
Exploits1
NVD
NVD
added 2025/03/20 10:15 a.m.4 views

CVE-2024-10572

In h2oai/h2o-3 version 3.46.0.1, the runtool command exposes classes in the water.tools package through the ast parser. This includes the XGBoostLibExtractTool class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service...

7.5CVSS0.00636EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.12 views

CVE-2024-10572 Denial of Service and Arbitrary File Write in h2oai/h2o-3

In h2oai/h2o-3 version 3.46.0.1, the runtool command exposes classes in the water.tools package through the ast parser. This includes the XGBoostLibExtractTool class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service...

7.5CVSS0.00636EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:9 a.m.3 views

CVE-2024-10572 Denial of Service and Arbitrary File Write in h2oai/h2o-3

In h2oai/h2o-3 version 3.46.0.1, the runtool command exposes classes in the water.tools package through the ast parser. This includes the XGBoostLibExtractTool class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service...

7.5CVSS7.1AI score0.00636EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.4 views

CVE-2024-10572 Denial of Service and Arbitrary File Write in h2oai/h2o-3

In h2oai/h2o-3 version 3.46.0.1, the runtool command exposes classes in the water.tools package through the ast parser. This includes the XGBoostLibExtractTool class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service...

7.5CVSS7.7AI score0.00636EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:9 a.m.54 views

CVE-2024-10572

CVE-2024-10572 affects h2oai/h2o-3 (v3.46.0.1). The vulnerability arises because the run_tool feature exposes classes in the water.tools package via the AST parser, enabling the XGBoostLibExtractTool . This can be exploited to shut down the server and write large files to arbitrary directories, r...

7.5CVSS7.7AI score0.00636EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder